Cybersecurity in the spotlight
When it comes to engaging with civil society on cybersecurity, 2022 African School on Internet Governance (AfriSIG) co-organiser Sheetal Kumar knows that “the work needs to be human-centric and inclusive, which is not always a given in security discussions.” Organised as an annual event, AfriSIG’s goal is “to develop a pipeline of leading Africans from diverse sectors, backgrounds and ages with the skills to participate in local and international internet governance structures and shape the future of the internet landscape for Africa’s development.”
Holding space for exploring internet governance issues across Africa is more urgent than ever. Whether for personal use, community connection or professional purposes, reliance on the internet is massively increasing, and accessing the internet securely – without surveillance, interception or harassment – is imperative for upholding human rights. However, the role of the internet in people’s daily lives has expanded more rapidly than policies, regulations and laws governing its use, compromising safety and privacy while creating wide disparities of access.
The United Nations Open-Ended Working Group (OEWG) on developments in the field of information and telecommunications in the context of international security was established in December 2018 with a view to addressing these challenges. The first OEWG presented its report in March 2021, setting out responsibilities of states in cyberspace.
While the report offered some excellent guidelines, the Media Foundation for West Africa (MFWA) noted in a policy brief this year that participation of African states, civil society groups and intergovernmental organisations at the OEWG was limited, highlighting the need for a more inclusive process to cybersecurity capacity building in the region. In the brief, MFWA outlines “what needs to be done by African governments, regional bodies and civil society organisations to participate in the OEWG process to contribute to a secure and stable internet.”
These findings served as the impetus behind the 2022 African School on Internet Governance. Co-organised by the Association for Progressive Communications (APC) and Global Partners Digital (GPD), AfriSIG this year brought together invited stakeholders representing African governments, the African Union Commission, law enforcement, media, civil society and digital rights organisations, cybersecurity experts, and OEWG participants. The School first held a virtual consultation on 15 June, paving the way for an in-person meeting from 16 to 18 July in Lilongwe, Malawi.
AfriSIG as a platform for cybersecurity capacity building
Spearheading the efforts were Anriette Esterhuysen, APC’s senior advisor on internet governance, policy advocacy and strategic planning, with Sheetal Kumar, GPD’s head of global engagement and advocacy. “I believe that at the AfriSIG 2022/OEWG open consultation we started conversations that, if continued at national level, could have long-lasting positive impact on collaboration between state and non-state actors at national level in the participating countries,” Esterhuysen reflected.
Kumar pointed out that the modalities of a multilateral forum like the OEWG can be difficult for civil society to follow, and so AfriSIG this year was “important to creating norms around cybersecurity and getting people impacted by the issues involved.”
Image: Presentations during AfriSIG 2022. Photo by Elizabeth Kolade.
This year’s School was also unique in how its purpose determined the process. The chair of the OEWG was looking to address cybersecurity capacity building, Kumar explained, and AfriSIG became the implementation of that recommendation. “It was important to bring together experts from across the region and different stakeholder groups to identify different needs,” she said.
School participants were by invitation only this year and came from various backgrounds to ensure diversity of gender, region, expertise, issue knowledge and OEWG engagement. “The process of identifying the needs was collaborative, with input from all participants through a common working document, and also included specific country experiences,” explained Nompilo Simanje, an AfriSIG rapporteur and Legal and ICT Policy Officer at the Media Institute of Southern Africa.
Jimmy Haguma, another AfriSIG rapporteur and Head of Electronic and Counter Measures of the Uganda Police Force, agreed it was encouraging “to see all participants actively share what they are doing, and more so bring international best practices into the room.”
The virtual consultation was planned to open a line of discourse into the main event in Lilongwe, which itself was scheduled immediately before the 11th African Internet Governance Forum.
The School developed the AfriSIG 2022 Output Document (also available in an abridged version), a multistakeholder input developed for the second OEWG session that took place later the same month. Kumar noted that where the OEWG annual progress report makes broad recommendations, “what is useful about the Outcome Document is that it is specific and responds to the [capacity building] mandate.”
The Output Document gives opportunities to stakeholders to engage with cybersecurity issues alongside UN processes by developing capacity building on the ground. The recommendations serve as a reference for implementation, fundraising and collaboration.
Image: AfriSIG 2022 participants. Photo by Elizabeth Kolade.
Building recommendations for the OEWG and beyond
Participants were very engaged in the School’s process and the development of the Output Document because, affirmed Simanje, "there were key issues that all participants were agreeing on, including a gender perspective, a human-centric perspective and a multistakeholder approach.”
The group engaged in a process called “the elephant in the room”, where participants explored challenges to capacity building in Africa. This involved looking at issues from both government and civil society points of view in order to start identifying common ground. As Kumar explained, questions such as “Why isn’t more collaboration happening? What is missing?” fed into the development of the Output Document.
Ironically, one of the greatest challenges to capacity building that was identified is the lack of capacity to follow complex multilateral processes, where civil society particularly struggles. To that end, a key recommendation encourages governments to establish a feedback loop to present information more accessibly and transparently. “Information should be shared within government but also other stakeholders should do a better job of sharing. It needs to be a team effort because capacity is so low,” Kumar said, adding, “The mechanisms of information sharing need to continue along with multistakeholder dialogues, in order to share what is happening in multilateral forums.” This aligns with a parallel need for sustained reporting and capacity building.
On the challenge of multistakeholder collaboration, Esterhuysen added that “some of these difficulties are structural, rooted in, among other things, civil society's role in holding governments accountable as ‘duty bearers’ responsible for respecting and promoting human rights, and serving the public interest.” She echoed, however, that “in many respects these difficulties relate to insufficient understanding of what it means to be ‘in the shoes’ of another stakeholder group, and of the particular pressures under which they operate.” Bringing participants from different backgrounds together throughout AfriSIG was a significant step toward bridging those gaps and finding common ground.
Taking all this into account, the recommendations in the Output Document act as a reference point for stakeholders, feeding into the OEWG but also applicable nationally and regionally at subsequent consultations. That call for multistakeholder engagement was echoed by Simanje, who noted that they identified a clear need for “collaboration and coordination of state and non-state actors.”
Haguma further suggested “prioritising cybersecurity during budgeting to ensure adequate resourcing for cybersecurity capacity development by integrating cyberhygiene, digital safety and security into standard educational curricula at primary, secondary, tertiary levels and in vocational training programmes.”
Putting the School to work for the network
Bringing it back to the APC network, what we now have is a meaningful resource that can be referenced by members and others in the Africa region and adapted for global use. “Members in the network can take the recommendations and start implementing them, or identify other stakeholders that they can work with, hold consultations, and use it as a means to spark conversations,” Kumar enthused.
It also presents a framework for members to connect and identify who in the network has similar needs or capacity gaps. Building a solidarity movement in this way means that lessons, skills and resources can be shared, creating opportunities to connect on additional recommendations.
There are positive indicators for what this could mean for the network since the AfriSIG Output Document is already being discussed in multiple regional and global multilateral forums. During the OEWG in July, a presentation by the African Union expert working group drew closely from the Output Document and received positive feedback from government and law enforcement representatives, who had not had an opportunity to share with other stakeholders on that subject previously, Kumar noted.
The document was also presented at this year’s Forum on Internet Freedom in Africa in Zambia in September, as well as being scheduled for discussion during a pre-event at the Internet Governance Forum in Ethiopia in November.
By all accounts, the AfriSIG Output Document, created by a diverse and dedicated group of stakeholders, is opening doors for others to come together and explore possibilities for more effective cybersecurity capacity building across Africa.
Most of all, the School this year highlighted the value of creating a dedicated space for exploring such issues. “AfriSIG 2022 not only succeeded in developing a prioritised overview of the capacity building needs in cybersecurity of different stakeholder groups and sectors in Africa,” Esterhuysen stated, “it also provided a safe space for frank discussion on how difficult real-life multistakeholder collaboration can be, particularly between government and civil society.”